<?php
class Admin{
	public static $loginStatus = null;
	public static $adminRights = array();
	
	private function __construct() {} // Prevent creating an Instance
	
	public static function login($loginName,$loginPw) {
		if(empty($loginName) || empty($loginPw)) exit;
		
		// Create Hash
		$pwHash = sha1($loginName.$loginPw);
		
		$query = DB::getInstance()->query("
			SELECT 
				COUNT(id) as count,
				id,
				adminName
			FROM
				".Tables::$adminTbl."
			WHERE
				adminName = '".DB::parseVar($loginName)."' &&
				adminPassword = '".$pwHash."'
			GROUP BY
				id");
		$res = DB::getInstance()->fetchArray($query);
		if($res['count'] > 0) {
			// Save Session
			Admin::saveLoginInSession($res);
			return true;
		}else{
			return false;
		}
	}
	
	public static function saveLoginInSession($data) {
		 $_SESSION['ld_uid'] = $data['id'];
		 $_SESSION['ld_name'] = $data['adminName'];
		 
         DB::getInstance()->query("
         	UPDATE 
         		".Tables::$adminTbl." 
         	SET 
         		adminSession = '".session_id()."' 
         	WHERE 
         		id = '".$data['id']."'");
	}
	
	public static function isLoggedIn() {
		if(Admin::$loginStatus != null) return Admin::$loginStatus;
		
		if(!isset($_SESSION['ld_uid']) || !isset($_SESSION['ld_name'])) return false;
		if(!is_numeric($_SESSION['ld_uid'])) return false;
		
		$query = DB::getInstance()->query("
			SELECT
				id
			FROM
				".Tables::$adminTbl."
			WHERE
				id = '".DB::parseVar($_SESSION['ld_uid'])."' &&
				adminName = '".DB::parseVar($_SESSION['ld_name'])."' &&
				adminSession = '".session_id()."'");
		if(DB::getInstance()->numRows($query) > 0) {
			return true;
		}else{
			return false;
		}
	}
	
	public static function isFounder() {
		if(!isset($_SESSION['ld_uid']) || !is_numeric($_SESSION['ld_uid']) || !isset($_SESSION['ld_name'])) return false;
		
		$query = DB::getInstance()->query("
			SELECT
				adminFounder
			FROM
				".Tables::$adminTbl."
			WHERE
				id = '".DB::parseVar($_SESSION['ld_uid'])."' &&
				adminName = '".DB::parseVar($_SESSION['ld_name'])."' &&
				adminSession = '".session_id()."'");
		$res = DB::getInstance()->fetchArray($query);
		
		if($res['adminFounder'] == 0) return true;
		return false;
	}
	
	public static function logout() {
		if(!isset($_SESSION['ld_uid']) || !isset($_SESSION['ld_name'])) return false;
		if(!is_numeric($_SESSION['ld_uid'])) return false;
		
		$query = DB::getInstance()->query("
			UPDATE
				".Tables::$adminTbl."
			SET
				adminSession = ''
			WHERE
				id = '".DB::parseVar($_SESSION['ld_uid'])."' &&
				adminName = '".DB::parseVar($_SESSION['ld_name'])."' &&
				adminSession = '".session_id()."'");
		
		unset($_SESSION['ld_uid']);
		unset($_SESSION['ld_name']);
	}
	
	
	public static function getAdminRights($adminId) {
		if(!is_numeric($adminId)) exit;
		
		$adminRights = array();
		
		$query = DB::getInstance()->query("
			SELECT
				".Tables::$adminRightsTbl.".rightName,
				".Tables::$rightToAdminTbl.".value
			FROM
				".Tables::$adminRightsTbl."
				LEFT JOIN
					".Tables::$rightToAdminTbl."
				ON
					".Tables::$adminRightsTbl.".id = ".Tables::$rightToAdminTbl.".rightId &&
					".Tables::$rightToAdminTbl.".adminId = '".$adminId."'");
		
		while($r = DB::getInstance()->fetchAssoc($query)) {
			$val = ($r['value'] == "") ? 1:$r['value'];
			$r['value'] = $val;
			$adminRights[$r['rightName']] = $val;
		}
		return $adminRights;
	}
	
	
	public static function getAdminRightsCompl($adminId) {
		if(!is_numeric($adminId)) exit;
		
		$adminRights = array();
		
		$query = DB::getInstance()->query("
			SELECT
				".Tables::$adminRightsTbl.".id as rightId,
				".Tables::$adminRightsTbl.".rightName,
				".Tables::$rightToAdminTbl.".value,
				".Tables::$rightToAdminTbl.".id as rightToAdminId,
				".Tables::$adminRightsTbl.".rightOutput
			FROM
				".Tables::$adminRightsTbl."
				LEFT JOIN
					".Tables::$rightToAdminTbl."
				ON
					".Tables::$adminRightsTbl.".id = ".Tables::$rightToAdminTbl.".rightId &&
					".Tables::$rightToAdminTbl.".adminId = '".$adminId."'");
		
		while($r = DB::getInstance()->fetchAssoc($query)) {
			$val = ($r['value'] == "") ? 1:$r['value'];
			$r['value'] = $val;
			$adminRights[$r['rightName']] = $r;
		}
		return $adminRights;
	}
	
	
	
	
	
	public static function createAdmin($name,$pw,$email) {
		DB::getInstance()->query("
			INSERT INTO
				".Tables::$adminTbl."
			SET
				adminName = '".DB::parseVar($name)."',
				adminPassword = '".sha1(DB::parseVar($name).$pw)."',
				adminEmail = '".DB::parseVar($email)."',
				adminFounder = '1'");
		
		$adminId = mysql_insert_id();
		
		// Get Rights
		$query = DB::getInstance()->query("
			SELECT
				id
			FROM
				".Tables::$adminRightsTbl."");
		while($r = DB::getInstance()->fetchAssoc($query)) {
			// Add Right to Admin with value=0 (forbidden)
			DB::getInstance()->query("
				INSERT INTO
					".Tables::$rightToAdminTbl."
				SET
					adminId = '".$adminId."',
					rightId = '".$r['id']."',
					value = '1'");
		}
	}
	
	public static function editAdmin($id,$name,$pw,$email) {
		if(!is_numeric($id)) exit;
		
		if($pw != "") {
			DB::getInstance()->query("
				UPDATE
					".Tables::$adminTbl."
				SET
					adminName = '".DB::parseVar($name)."',
					adminPassword = '".sha1(DB::parseVar($name).$pw)."',
					adminEmail = '".DB::parseVar($email)."'
				WHERE
					id ='".$id."'");
		}else{
			DB::getInstance()->query("
				UPDATE
					".Tables::$adminTbl."
				SET
					adminName = '".DB::parseVar($name)."',
					adminEmail = '".DB::parseVar($email)."'
				WHERE
					id ='".$id."'");
		}
	}
	
	public static function deleteAdmin($id) {
		if(!is_numeric($id)) exit;
		
		DB::getInstance()->query("
			DELETE FROM
				".Tables::$adminTbl."
			WHERE
				id = '".$id."'");
		
		// Delete Admin-Rights
		DB::getInstance()->query("
			DELETE FROM
				".Tables::$rightToAdminTbl."
			WHERE
				adminId = '".$id."'");
	}
	
	
	public static function checkPermission($rightName) {
		if(!Admin::isLoggedIn() || (Admin::$adminRights[$rightName] != 0 && General::getInstance()->getGlobalVar("isFounder") != true)) {
			return false;
		}
		return true;
	}
	
	public static function getAdminNameById($id) {
		if(!is_numeric($id)) exit;
		
		$query = DB::getInstance()->query("
			SELECT
				adminName
			FROM
				".Tables::$adminTbl."
			WHERE
				id = '".$id."'");
		$res = DB::getInstance()->fetchAssoc($query);
		return $res['adminName'];
	}
}
?>